Technical Field
This disclosure relates generally to securing resources in a distributed computing environment and, in particular, to the protection and auditing of file systems.
Background of the Related Art
Existing information security solutions often leave databases vulnerable to advanced hacking techniques and insider attacks. Indeed, databases have been and continue to be a primary target for external hackers and insiders. This is because databases contain an organization's most valuable information, including customer records, payment card data, and financial results. Statistics show that hackers are skilled at using techniques such as cross-site scripting to penetrate perimeter defenses and reach the database. Existing security solutions, such as intrusion detection systems, lack the knowledge of database protocols and structures required to detect inappropriate activities. Other solutions that rely on native DBMS logs, such as security information and event management (SIEM) systems, do not operate in real time, can be evaded by users with elevated privileges (which hackers often acquire), and may introduce problematic overhead. To address these issues, it is known to provide systems that automatically monitor database transactions and respond in real time to access policy violations. One such system is IBM® InfoSphere™ Guardium®, a unified, cross-platform solution that both protects databases in real time and automates compliance auditing processes.
Database systems store structured information in an access-controlled manner. They are used for storing related, structured data, using well-defined data formats. Although solutions like IBM Guardium provide significant advantages for structured content, a large percentage of content within an enterprise is unstructured. This type of content (e.g., email, documents, images, video and audio) is stored across the enterprise (and potentially externally, e.g., using cloud-based systems, with trusted partners, and the like) in file systems. A file system uses files to store arbitrary, often unrelated data. In contrast to a database system, a file system is a much more unstructured data store.
Unstructured content is often difficult to manage, and it is growing rapidly. The existence of shared network drives exacerbates this problem. Enterprises today need to improve the way they manage access to, and auditing of, such unstructured information stored in file systems, all without necessarily exposing sensitive data, and in an intelligent, efficient and cost-effective way. While there are existing techniques (e.g., anti-virus software, or home-grown solutions) that are able to detect and monitor file system operations, such approaches have limited scope, and are costly and ineffective. For example, existing mechanisms do not make use of file metadata and file content analysis, do not correlate across multiple repositories, do not tie users to roles, do not support policy-based alerts, do not block access to sensitive content, and do not provide comprehensive access rights audits. Without such information, enterprises are not able to effectively ensure the integrity and protection of their sensitive data, meet regulatory compliance requirements in a cost-effective way, or scale their security systems with data volumes that are growing exponentially.